We appreciate your interest in our company. We take the protection of your personal data very seriously and so would like to inform you about the processing of your data as comprehensively as possible.
1. Definition of terms
a) Personal data
Personal data is all information relating to an identified or identifiable natural person (hereinafter called "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject
A data subject is any identified or identifiable natural person, whose personal data is processed by a data controller responsible for the processing.
Processing is any operation or set of operations that is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.
d) Restriction of processing
Restriction of processing is marking stored personal data with the aim with the aim of limiting its processing in future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
g) Controller or controller responsible for the processing
Controller means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of processing are determined by European Union law or the law of the Member States, the controller or the specific criteria for its nomination may be designated by European Union law or the law of the Member State.
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient is a natural or legal person, public authority, agency or any other body to whom personal data is disclosed, irrespective of whether it is a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with European Union or Member State law shall not be regarded as recipients.
j) Third party
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
The data subject’s consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.2. Name and contact information of controller
BSTN Store GmbH,
80799 Munich (AG München HRB 216985) ,
E-mail: [email protected]
Phone: +49 89 74 327 777
Contact information of data protection officer:
The BSTN Store GmbH data protection officer can be contacted as follows:
BSTN Store GmbH,
E-Mail: [email protected]
Phone: +49 89 743277772. Extent and purpose of processing of personal data
2.1 Accessing the website
When you access this website: www.bstn.com , the internet browser used by the visitor automatically sends data to the server of this website and stores it in a log file. Until the automatic erasure, the following data is stored without further input by the visitor:
- IP address of the visitor’s device,
- Date and time of visitor access,
- Name and URL of the page accessed by the visitor,
- Website from which the visitor arrived at the website (so-called referrer URL),
- Browser and operating system of the visitor’s device, as well as the name of the access provider used by the visitor.
The processing of such personal data is in accordance with Art. 6 (1), sentence 1 lit f) of the GDPR. The company has a legitimate interest in the data processing for the purpose of:
- Rapidly connecting to the website of the company,
- Enabling user-friendly use of the website,
- Identifying and ensuring the security and stability of the systems and
- Facilitating and improving the administration of the website.
2.2 Data collection during registration and payment processing
For the purposes of registration and payment processing, data such as the object of purchase, shopping basket, name, date of birth, address, email address, delivery address, payment type and bank data is collected and processed by us, insofar as the processing is necessary for the performance of the contract or if the customer has consented to the processing.
The legal basis for processing of personal data is Art. 6 (1), Sentence 1, lits a) and b) GDPR.
2.2 Contact form
Visitors can submit messages to the company via an online contact form on the website. In order to be able to receive an answer, at least a valid email address is required. All other information can be voluntarily provided to the person making the request. By sending the message via the contact form, the visitor agrees to the processing of the transmitted personal data. The data is processed exclusively for the purpose of processing and responding to requests via the contact form. This will be done on the basis of the voluntarily granted consent pursuant to Art. 6(1), sentence 1, lit a) GDPR. The personal data collected for the use of the contact form is automatically deleted once the request has been completed and there are no grounds for further storage.
By registering for subscription to a newsletter, visitors expressly consent to the processing of the personal data transmitted. If you have agreed to receive our newsletter customised to your individual interests, we will process your email address and your name in particular for the purpose of dispatching the newsletter. With your consent, we will record your user behaviour on our website. This evaluation of user behaviour includes in particular, which areas of the applicable website you visit, and what links you activate there. This creates personalised user profiles assigned to your person and/or email address, to better align any potential advertising campaigns, particularly in the form of newsletters and on-site advertisements, with your personal interests, and to improve the web content.
The legal basis for processing the personal data of the visitor for the purpose of sending newsletters is consent pursuant to Art. 6(1), sentence 1, lit a) GDPR.
The visitor can unsubscribe from receiving future newsletters at any time. This can be done by using a special link at the bottom of the newsletter ( Unsubscribe Men - Unsubscribe Women
) or by sending a message via email to [email protected]
You have the opportunity to participate in a raffle for some of our limited products via our website. Separate consent will be obtained from you for every prize draw. In order to clearly identify and inform the winners, we collect data such as first name and family name, address and email address. The provision of any further personal information in connection with participation is voluntary. If you are selected as a winner, we will contact you by means of the information provided and may ask for further personal information, such as age. In certain raffles, we will determine the winner with the help of a raffle tool by a service provider according to 3.3 .
We delete all data after successful transfer or processing of the prize, or within 4 weeks at the latest.
The legal basis for the processing of the personal data of the visitor for participation in the prize draw is your consent pursuant to Art. 6 paragraph 1 sentence 1a GDPR. You can revoke your consent at any time.
In the case of an application, we process only the data belonging to you that we require in the context of the application. This is, for example, contact data as well as all data in connection with your application, such as your C.V., references and qualifications.
The legal basis for saving the data is derived from Section 26 of the Federal Data Protection act (BDSG). The data will be deleted immediately, as soon as retaining it is no longer required. If the applicant is not appointed, the data will generally be deleted six months after conclusion of the application process at the latest.3. Transfer of data
Personal data will be transferred to a third party, if
pursuant to Art. 6(1), sentence 1, lit a) GDPR it has been expressly consented to by the data subject,
the transfer pursuant to Art. 6(1) sentence 1, lit f) GDPR is necessary to assert, exercise or defend legal claims and there is no reason to believe that the data subject has an overriding legitimate interest in non-disclosure of their data,
for the transmission of data pursuant to Art. 6(1) sentence 1 lit c) GDPR, there is a legal obligation, and/or
pursuant to Art. 6(1), sentence 1, lit b) GDPR, this is required for the fulfillment of a contractual relationship with the data subject.
In other cases, personal data will not be passed on to third parties.
3.1 Payment service providers
We use payment service providers as third parties in order to execute purchase contracts.
The personal data that is transferred during a payment generally includes first and family names, your address, telephone number, IP address, email address and other information that is required for the processing of your order, including the quantity of the ordered article, the article number, the invoice amount and invoice details.
Storing this data is required for the execution of the purchase contract in accordance with Art. 6 paragraph 1b GDPR.
Payment in our shop is via the following providers:
Credit card payments are processed by Paymill GmbH, St.-Martin-Strasse 63
If you want to purchase on account, your purchase will be processed by our partner Billpay GmbH. You will be asked in the ordering process to consent to the transfer to Billpay of the data necessary for the processing of the payment and for an identity and credit rating check. If you provide your consent, your data (first and family names, address, date of birth, telephone number and, for purchase by direct debit, the account details provided) as well as the data associated with your order will be transferred to Billpay.
of Billpay GmbH.
The transfer of data to Billpay GmbH for the purposes of conducting an identity and credit standing check is based on your consent pursuant to Art. 6 paragraph 1a GDPR.
You can revoke your consent at any time.
3.2 Shipping companies
Our offered products are delivered to you with the assistance of shipping companies (DHL, UPS and Fed Ex). For this purpose, the shipping companies receive the following data:
your email address (if the shipping service provider should inform you in advance of the expected delivery date).
Delivery is executed by the following service providers:DHL
Storing this data is required for the execution of the purchase contract in accordance with Art. 6 paragraph 1b GDPR.
To determine the winners of our raffles, we use third parties as service providers. The personal information that is transferred usually includes your first and last name, shipping address, phone number, e-mail address and other details such as shoe size and / or clothing size. The third party is our partner Smart Industries GmbH, Augustenstrasse 43, 80333 Munich, Germany. Legal basis for the transfer of personal data to participate in the raffle is your consent in accordance with. Article 6 (1) (1) (a) GDPR. You can withdraw your consent at any time.4. Cookies
So-called cookies are used on the website. These are data packets exchanged between the BSTN Store GmbH server and the visitor's browser. These are stored when you visit the website by the devices used (PC, notebook, tablet, smartphone, etc.). Cookies cannot damage the devices used. In particular, they contain no viruses or other malicious software. Cookies store information which is related to the specific terminal used. BSTN Store GmbH cannot use them to obtain direct knowledge of the identity of the visitor to the web site.
Cookies are largely accepted by default browser settings. The browser settings can be configured so that cookies are not accepted, either on the equipment used, or with specific notice being given before a new cookie is created. It is however important to note that disabling cookies may affect the optimum functionality of the website.
Cookies help to make it easier to use the company website. Session cookies, for example, can be used to keep track of whether the visitor has already visited individual pages of the website. Session cookies are automatically deleted when you leave the website.
Temporary cookies are used to enhance user-friendliness. They are stored on the visitor's device for a temporary period. When you visit the website again, it automatically detects that the visitor already accessed the site at an earlier point in time and which inputs and settings were made so as not to have to repeat these.
Cookies are also used to analyse the number of times the website was accessed for statistical purposes and for the purpose of improving the content. When you next visit the website, cookies make it possible to automatically detect that the web page was previously accessed by the visitor. We use both temporary and permanent cookies on our website. If cookies are linked to personal data, they are deleted if and to the extent that storage is no longer required for the purpose of data collection. Cookies can be deleted by the visitor at any time.
Analysis services and Facebook Social Plugins from the provider Facebook (Facebook Inc., 1601 South California Avenue, Palo Alto, CA 94304, USA), Google (Adverts, Analytics) (Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA), Instagram (Instagram LLC, Willow Road Menlow Park CA94025 (USA), Criteo (Criteo SA, Gewuhrzmuhlstr). 11, 80538 Munich, Germany), Webgains (ad pepper Media GmbH, Frankenstraße 150C, 90461 Nuremberg, Germany) and trbo (trbo mbH, Römerstraße 6, 80801, Munich, Germany) are used on our website.
These allow you, in particular, to share contents of the website with your network contacts. As a result of the integration, network providers receive information that the corresponding web page of our website was accessed from your IP address. If you are logged in to the network, the network provider may also associate your visit to our website with your network account. Our analysis services work exclusively with pseudonymised user profiles, which do not make it possible to identify the data subject.
Further information can be found at:
The legal basis for the use of the analysis tools and social plugins is Art. 6(1), sentence 1, lit f) GDPR. The website analysis is in the legitimate interest of our company and is used for statistical recording of the site usage to continuously improve our website and range of services.6. Your rights as a data subject
Insofar as your personal data will be processed during a visit to our website, as a "data subject" within the meaning of the GDPR, you have the following rights:
6.1 Right to confirmation
Each data subject shall have the right granted by the European directives and regulators to obtain confirmation from the controller as to whether or not personal data concerning him or her is being processed. If a data subject wishes to avail himself or herself of this right of confirmation, he or she may, at any time, contact an employee of the controller.
You can request information from us about whether your personal data is processed by us. The right to information is excluded if the data is only stored because it may not be deleted due to legal or statutory retention periods or is stored exclusively for the purpose of data backup or data protection control, provided that the exchange of information would incur disproportionately high costs and processing for other purposes by suitable technical and organisational measures is ruled out. If in your case the right of access to information is not excluded and your personal data is processed by us, you can request disclosure from us about the following information:
Purposes of the processing,
Categories of the personal data about you that is processed,
Recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organizations,
Where possible, the envisaged period for which the personal data will be stored, or, if this is not possible, the criteria used to determine that storage period,
The existence of the right of rectification or erasure or restriction on processing of your personal data or a right to object to such processing,
The existence of the right to lodge a complaint with a supervisory authority,
If the personal data was not collected from you as the data subject, the available information on the origin of the data,
Or where applicable, the existence of automated decision-making, including profiling and meaningful information about the logic involved and also the scope and desired impact of the automated decision-making,
Where applicable, in case of the transmission to recipients in third countries, provided that there is no decision of the EU Commission regarding the adequacy of the level of protection according to Art. 45(3) of the GDPR, information about which appropriate guarantees pursuant to Art. 46(2) GDPR have been provided for the protection of personal data.
6.3 Rectification and completion
If you determine that we may hold inaccurate personal data about you, you can request immediate correction of this incorrect data. In the case of incomplete personal data, you may request completion.
You have a right to erasure ("Right to be forgotten"), insofar as the processing is not required to exercise the right to freedom of expression, the right to information or for the fulfillment of a legal obligation or for the performance of a task carried out in the public interest, and one of the following reasons applies:
The personal data is no longer necessary for the purposes for which it was processed.
The basis of the justification for the processing was exclusively your consent, which you have withdrawn.
You have objected to the processing of your personal data, which we have made publicly available.
You have objected to the processing of personal data not made publicly available by us and there are no overriding legitimate grounds for the processing.
Your personal data has been processed unlawfully.
The erasure of the personal data is required to comply with a legal obligation, to which we are subject.
No claim for erasure exists if, in the event of legitimate non-automated data processing, due to the specific nature of the storage, it is not possible or only with disproportionately high expense and your interest in the erasure is minimal. In this case, limitation of processing shall replace erasure.
6.5 Limitation of processing
You can request limitation of processing from us, if one of the following reasons applies:
You dispute the accuracy of the personal data. In this case, the limitation may be required for the time needed for us to check the accuracy of the data.
The processing is unlawful and, instead of deletion, you demand limitation of the use of your personal data.
Your personal data is no longer needed by us for the purposes of processing, but is still required by you for the assertion, exercise or defence of legal claims.
You have presented an objection according to Art. 21(1) of the GDPR. The limitation of processing may be extended for as long as it remains to be decided whether our legitimate reasons outweigh your reasons.
Limitation of processing means the personal data may be processed only with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or on the grounds of an important public interest. We have a duty to inform you before we remove the limitation.
6.6 Data portability
You have a right to data portability provided that the processing is based on your consent (Art. 6(1), sentence 1, lit a) or Art. 9(2) lit a) GDPR) or is based on an agreement of which you are a contracting party and the processing is performed using automated procedures. The right to data portability in this case includes the following rights, provided this does not affect the rights and freedoms of others: You can ask us to keep the personal data you have provided to us, in a structured, consistent and machine-readable format. You have the right to transfer this data to another controller without hindrance on our part. As far as is technically feasible, you can demand from us that we transfer your personal data directly to another controller.
If the processing is pursuant to Art. 6(1), sentence 1 lit e) of the GDPR (performance of a task carried out in the public interest) or Art. 6(1), sentence 1 lit f) of the GDPR (legitimate interests pursued by the controller or by a third party), you have the right for reasons related to your specific situation to object at any time to the processing of personal data concerning you. This also applies to profiling pursuant to Art. 6(1), sentence 1 lit e) or lit f) of the GDPR. After you exercise the right of objection, we will stop processing your personal data, unless we can prove there are compelling legitimate reasons for the processing, which outweigh your interests, rights and freedoms, or that the processing serves the purpose of asserting, exercising or defending legal claims.
You can object at any time to the processing of your personal data for direct marketing purposes. This also applies to profiling in connection with such direct marketing. Once this right is exercised, we will no longer use the relevant personal data for direct marketing purposes.
6.8 Withdrawal of consent
You have the right to withdraw, with future effect, your consent at any time. The withdrawal of consent can be communicated informally by phone, email or to our postal address. The legality of the data processing performed on the basis of consent up to the receipt of the revocation shall not be affected by the withdrawal. Upon receipt of the withdrawal, the data processing, which is based exclusively on your consent, is discontinued.